REMARKS



Claims 1, 2, and 8 have been amended to improve language, and in particular to 
render even more clear the relationship between the operators and the compartments. The 
scope of the claims has not been changed in any way, and no new subject matter has been 
added. Claims 1-8 remain for examination. 



The Examiner has rejected claims 1-8 under 35 U.S.C. §103(a) as being 
unpatentable over U.S. Patent 6,490,626 issued to Edwards in view of Schimunek et al., 
"Slicing the AS/400 with logical partitioning: A how to guide". 

The present invention is addressed to a network management system that may be 
shared by more than one independent operator. In such cases, the operations systems (a 
generic reference to network management and other equipment for provisioning and 
controlling the operation of network elements) have to be strongly secured in terms of 
information flow control, so that the independent operators have no access to the operations 
systems of each other. In the present invention, mandatory access control is enforced 
within separate operating system compartments. The compartments function 
autonomously, each executing the operations software (the systems for performing network 
management) separately and in isolation from the other compartments. The number of 
compartments within the operating system corresponds to the number of operators. Each 
compartment is accessible only by the operator to which it has been assigned, and is not 
reachable by other operators. No operator is aware of other operators accessing the same 
software at the same time. The security of each operator is the same, irrespective of how 
many operators share the operations software. Updates are easy to perform, since only one 
software at a time needs to be updated. No security weaknesses are apparent, since there 
are no secret elements to protect, such as by cryptographic keys. 



In contrast, Edwards teaches a web browser running on a compartmented mode 
workstation, and not a compartmented network management system. The browser of 
Edwards uses three compartments, System Inside (SI), System Medium (SM), and System 
Outside (SO). The "real" browser runs in the SM compartment. Trusted processes TPI 
(trusted process-inside) and TPO (trusted process-outside) have privileges that allow them 
to override the mandatory access control, for enabling the web browser to gain access to the 
internal and external networks respectively. A number of users may be present who access 
the web browser, but there is no relation between the number of users and the number of 
compartments, nor is there any association between individual users and compartments. The 
purpose of compartments in Edwards is to shield the web browser from the users and from 
the outside network, and not to provide each operator with a means of carrying out network 
management system operations software in isolation. 

The differences between Edwards and the present invention will be made more clear 
by considering the elements of the claims. 

Claim 1 is directed to a network management system (NMS). Edwards does not 
teach a network management system. The Examiner states that Edwards teaches this as 
element 252 of Figure 2. However, element 252 of Figure 2 refers to a web server and not 
to a network management system. 

The NMS to which claim 1 is directed is sharable by a plurality of operators. This is 
a feature not taught by Edwards. The Examiner states that Edwards teaches this feature as 
elements 222, 230, 224, 226, and 228 of Figure 2 and at column 4 lines 47-60. Elements 
222, 230, 224, 226, and 228 are not operators, but rather are network devices and 
peripherals, and are a user machine (230) and "other apparatus, labelled w, x, y and z 
(labelled 222, 224, 226 and 228 respectively), which can be other user machines, servers or 
network appliances such as printers." (column 4 lines 33-36) Column 4 lines 47-60 does 
not mention operators, but rather recites the use of different compartments within the CMW 
machine 200 and defines sensitivity labels. 

The NMS of claim 1 includes means for assigning each operator to a respective one 
of the compartments. This is a feature not taught by Edwards. The Examiner states that 
Edwards teaches this limitation at column 4 lines 47-67. The passage recites the use of 
different compartments within the CMW machine 200, and teaches that the display server 
232 is attached to one of the compartments (the SI compartment) and that the external 
network is attached to another one of the compartments (the SO compartment). However, 
this is not the same as assigning each operator to a respective one of the compartments. 
The Examiner has equated the operators with the elements 222, 230, 224, 226, and 228 of 
Figure 2. Even if these were to be considered operators, Edwards does not teach assigning 
each of these to a respective one of the compartments. Edwards does not teach assigning 
the elements labelled w, x, y, and z with any of the compartments. Edwards does not teach 
that any operator is assigned to the compartments 216, 210, or 202, which it must do in 
order to anticipate claim 1 of the present application since claim 1 also recites that there are 
an equal number of compartments and operators. 

The NMS of claim 1 also includes common operations software. This is a feature 
not taught by Edwards. The Examiner states that Edwards teaches this limitation as 
element 210 of Figure 2 and in the Abstract. However, element 210 is a web browser 
running in only one compartment 206, and can in no way be considered to be common 
operations software also running in each of the compartments 216, 204, 208, and 202. In 
fact the Abstract states expressly the "Web browser (210) is configured to run in a middle 
compartment (206) of a Compartmented Mode Workstation (CMW) (200)", and the entire 
purpose of two of the compartments (SI 204 and SO 208) is to provide secure 
communication between the web browser 210 and internal and external networks through 
the other compartments, each of which contains a trusted process. It is clear from the 
Abstract that at least three of the compartments (SI, SM, and SO) contain different 
software, and not common operations software. 

The NMS of claim 1 also includes the limitation that each operator accesses the 
NMS via the access control of the compartment and the compartment executes in isolation 
the operations software for its operator. The Examiner states that Edwards teaches this 
feature at column 5 line 1 to column 6 line 46. However, this passage teaches the use of 
sensitivity labels in a prioritized way that allows processes or objects having one sensitivity 
label to interact with processes or objects having different sensitivity labels. The passage 
makes no mention of elements 222, 224, 226, and 228, which the Examiner has equated 
with the operators of claim 1. The passage makes no mention of the compartments 204 or 
208, which the Examiner has equated with compartments of claim 1. The passage makes 
no mention of an NMS. The Applicant respectfully submits that the passage is irrelevant to 
this limitation of claim 1. 

These features are also not taught by Schimunek, which in general teaches the 
logical partitioning of a particular computing platform (the AS/400). All that the passages 
of Schimunek cited by the Examiner teach is secure access to a logical partition by users 
who have been assigned to the logical partition using a user profile and a password. In fact, 
page 51 teaches that a user profile may have access to multiple logical partitions. 
Schimunek does not appear to teach a NMS, nor common operations software which, as has 
been argued in response to previous office actions, is distinct from an operating system. 

Because the Examiner has not shown where each and every element of claim 1 is 
taught by Edwards and Schimunek, either alone or in combination, the Applicant 
respectfully submits that a prima facie case of obviousness has not been established against 
claim 1. 

Claims 2 and 8 have limitations identical to many of those discussed above. 
Furthermore, most of the Examiner's rejections of claims 2 and 8 appear identical to the 
reasons for rejecting claim 1. The only differences appear to be that Edwards teaches a 
network element in communication system (claim 2) and a network element in a 
communication system (claim 8). In each case, the Examiner has simply cited Figure 2 of 
Edwards as teaching the respective feature. The Applicant respectfully submits that this is 
not specific enough for the Applicant to make adequate response, as it is not clear which of 
the numerous network elements of Figure 2 it is that the Examiner feels are shared by a 
plurality of operators and have all the other features of the claims. 

With respect to the identical limitations and the identical reasons for rejection, the 
same arguments apply to claims 2 and 8 as were applied to claim 1. Claims 3 to 7 are 
dependent on claim 2 and include the same limitations. Because the Examiner has not 
shown where each and every element of claims 2-8 is taught by Edwards and Schimunek, 
either alone or in combination, the Applicant respectfully submits that a prima facie case of 
obviousness has not been established against claims 2-8. 

In addition, the Applicant respectfully submits that a person skilled in the art would 
not be motivated to combine the teachings of Edwards and Schimunek. The Examiner has 
stated that "one would have been motivated to incorporate the teachings of assigning access 
control to each users operators because it would authenticate each users of each 
compartments based on assigned access control". However, it is far from clear to which 
users of Edwards the Examiner is referring. The Examiner has equated elements 222, 224, 
226, 228, and 230 of Figure 2 of Edwards with the operators of claim 1 of the present 
invention. As explained above, these elements (which are really computing devices) are 
not assigned to compartments with the CMW machine. It is therefore difficult to see how a 
person skilled in the art would be motivated to use the teachings of Schimunek to provide 
these "users" with restricted access control to respective compartments. Since the 
Examiner has not shown reasonable reason why a person skilled in the art would be 
motivated to combine the teachings of Edwards and Schimunek, the Applicant submits that 
a prima facie case of obviousness has not been established against claims 1 to 8. 

In view of the foregoing, it is believed that the claims at present on file and as 
amended herein are in condition for allowance. Reconsideration and action to this end is 
respectfully requested. 



Respectfully submitted, 




S. Mark Budd 
Registration No. 53,880 
Agent of Record 